CVE-2013-6480

Currently unrated

Key Information:

Vendor: Apache
Status: Libcloud
Vendor: CVE Published:; 7 January 2014

Summary

Libcloud 0.12.3 through 0.13.2 does not set the scrub_data parameter for the destroy DigitalOcean API, which allows local users to obtain sensitive information by leveraging a new VM.

References

http://www.securityfocus.com/bid/64617

vdb-entryx_refsource_BID

http://libcloud.apache.org/security.html

x_refsource_CONFIRM

http://www.securityfocus.com/archive/1/530624/100/0/threaded

mailing-listx_refsource_BUGTRAQ

Timeline

Vulnerability published
Jan 7, 2014
Vulnerability Reserved
Nov 4, 2013